http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_laas.html
Check this link, it confirms our understanding. On Wednesday, June 13, 2012, Eugene Pefti wrote: > Thanks, Fawad,**** > > I remember looking into it but somehow I skipped the right name in the > long list.**** > > Let me get it right. This command outputs all available and known to IOS > attributes or only those returned by RADIUS ?**** > > If it’s only RADIUS and I guess it by the only available prompt:**** > > ** ** > > R6#sh aaa attribute protocol ? **** > > radius Show RADIUS equivalent attributes**** > > ** ** > > then I’d need to know the service type to prefix it to the RADIUS > attribute string, correct ?**** > > It makes life a bit easier and requires remembering the right service > name, e.g. shell, auth-proxy and so on**** > > ** ** > > ** ** > > *From:* Fawad Khan [mailto:[email protected] <javascript:_e({}, 'cvml', > '[email protected]');>] > *Sent:* Wednesday, June 13, 2012 5:34 PM > *To:* Eugene Pefti > *Cc:* CCIE Security Maillist > *Subject:* Re: [OSL | CCIE_Security] TACACS attributes missing in Cisco > docs ?**** > > ** ** > > Try show aaa attribute > > On Wednesday, June 13, 2012, Eugene Pefti wrote:**** > > Guys,**** > > Am I missing something? It is a notorious question about role-based access > and CLI views but my point is about finding the required details in Cisco > docs.**** > > I need the right TACACS attributes for cli-view. Assuming that I forgot > the it is “cli-view-name” I navigate to following sections hoping to find > the right syntax:**** > > 1. Securing User Services Configuration Guide Library, Cisco IOS > Release 12.4T**** > > 2. User Security Configuration Guide, Cisco IOS Release 12.4T**** > > Nothing for TACACS attributes…**** > > Then I decide to take a look at **** > > 3. TACACS+ Configuration Guide, Cisco IOS Release 12.4T**** > > And find nothing again. Is it just an oversight from Cisco ?**** > > Same for RADIUS. I go to the section called “RADIUS Attributes > Configuration Guide, Cisco IOS Release 12.4T” and don’t find anything for > cli-view.**** > > **** > > Earlier last year Kamran posted a message here referring to Cisco docs. > I’m quoting his message:**** > > **** > > *As per CISCO DOC CD: * > > "When RADIUS authorization is enabled it's necessary to supply parser view > name using Cisco AV-Pair which is *009\001*." > > This attribute should contain: > > *RADIUS* > shell:cli-view-name= > shell:priv-lvl=15 **** > > I’m stupidly accepting that I can’t find anything in Cisco docs anymore. > And I wish it is not only for cli-views. There are tons at RADIUS and > TACACS attributes but there’s no good systematic reference in Cisco docs. > Just a collection of garbage.**** > > **** > > Eugene**** > > **** > > > > -- > FNK**** > -- FNK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
